A German court has ruled that website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said.
The issue has never been tested in a UK court but the view of the German …

I partly agree...

1 - like BT and the Phorm debacle an ISP can pretty much, without legal backing, use this type of data for other uses.

2 - what and internal marketing that the ISP may do i.e. profile their customers

3 - Dyanmic IPs, in my experience, dont necessarily change each time you connect, especially with the advent of home broadband where the router at the punters location connects to the ISP and keeps the connection live for days/weeks/months. (Mine is slightly different cos I turn mine off when I am not using it to make sure that no-one can jump onto my WiFi, WEP/WAP/Whatever I dont trust it - paranoid? Yes....) So what to do with thes "semi-static" IP's?

4 - Illegal gaining of this information is highly possible. Without adequate precautions by the ISP, anyone into a bit of industrial esponage or just wanting to make a quick buck could put a LOT of info on a usb key (or similar)

Apart from that, I agree with the ruling and see it as, generally, fair. If the ISP wants to track things like "dont massively download on your 'unlimited' package" or "dont download illegal stuff" then that is up to them as long as its defined nicely in their T&C's and the punter can choose to be bound by those rules or not - as should be the notification that this info IS stored and WILL NOT be used for anything else blah blah blah. Dont try and hide it, that will just rile people. If you make it clear people can make the choice if they want to live with it or not, you may be suprised!

Great News!!

It seems our German courts are beginning to see sense in the privacy field.

This is superb news.

I have always wondered how nutters see an IP address as 'personal'. Obviously with other information it can contribute to assisting in identification, but so can your urine in the public toilet - yet you pissed that away without concern for your privacy!

We all know it (your piss) could be used to identify you if somebody put their mind to it and had sufficient background information, time, and money.

Urine denial

It's not hard to track dynamic addresses

If a website sets a cookie when I visit and records my IP address each time I visit, the owners of that website can easily track changes in my dynamic IP address over time - so they can link together all my visits to their site (assuming I use the same computer, user account on that computer and the same browser and also assuming I haven't disabled cookies).

Hence owners of well used websites (e.g. search engines, webmail sites, news sites, blog sites etc) can build up a history of my dynamic IP addresses over time. And let's face it, your dynamic IP address can only change after disconnect/reconnect, and most ISPs use DNS leases that mean you get the same IP address on reconnect anyway - but possibly forcing a change periodically so you have to pay extra for a static IP if you want to run services from your home connection.

So we have lots of different organisations who potentially have a complete (or mostly complete) picture of my dynamic addresses, and who are allowed to share this information - neatly making it more accurate as they increase the information known about you as they share it with each other.

This means the difference between static and dynamic IPs is very small in terms of privacy, and hence there really should be no legal difference ascribed to the protection afforded for either.

IP address is as personal as your car plate number

and that is a fact, get over it

if someone track your car plate number they will know which shop you visited, but they will not know what you actually bought. They will know that you went to the liberally but they will have no idea what you searched for. Only the people in the place you visited will know what you did, people outside will have no idea. The same apply to your IP address.

P.S. your account with the shop you visited (or credit card number) is the equivalent to your cookie. It doesn't matter what car/transportation you use, as long as you use the same credit card number, you are in books. But unlike your cookie you can't just delete then replace your credit cards. (are you still with me?)

No one is guaranteed anonymity online

Why would anyone expect anonymity when going online? Are people really that clueless? Do people really believe they can hide behind their PC monitor? If so I have some ocean front property in Arizona that I will sell for a very reasonable price.

Possible to track is another matter

Much like a drop of blood, really: it's possible for relevant authorities to track down the owner of a drop of blood by DNA fingerprinting, but if I see a drop of blood on the pavement outside, it could be anybody's. An e-mail address, like a telephone number, can actually be used to contact you without additional information - an IP address, like a car registration number, cannot.

The clown who brought this case whining about a website logging visitors' IP addresses - like virtually every web server on earth has done since HTTP was invented - really needs a beating with the cluestick. If he really wants to keep his IP address secret, he should switch to using an address in the 127.0.0.0/8 range and leave those of us in the real world to communicate sensibly.

Some proportion, please

I'd like to see a functional network stack that didn't remember the IP address it was supposed to reply to. Clearly the server has to retain the IP address somewhere for some period of time. Retaining it for longer makes sense if it helps the server operators with things like intrusion tracking, or if it helps law enforcement (suitably warranted) track other misdeeds. As long as the information is not phormed off into a larger dataset, it is no more a breach of your privacy than me remembering that I saw you in the street the other day.

That's pretty much what the judge said. IP addresses alone do not identify you without some subsequent investigative work. As long as *that* is restricted by some legal framework, there's no problem here. Perhaps Phorm and similar mischief has left us over-sensitive on this point.